بنت نجد
Distinguished Zyzoom member
Joined
11 December 2008
Peace be upon you and God's mercy and blessings ..

The computer freezes and the page movement is strange, as if it is shaking, and the mouse is the same .. Messenger opens for a minute and then freezes .. There are people on my list who open any link in Travian sent from the alliance .. maybe there are booby-trapped links ..

With best regards and appreciation

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:32:25 م, on 28/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\personal\سطح المكتب\1 تقرير هايجاكZyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum; log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum; log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum; log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [link hidden by the forum; log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [link hidden by the forum; log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum; log in or register to view it]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum; log in or register to view it]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [link hidden by the forum; log in or register to view it]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [link hidden by the forum; log in or register to view it]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: bestarabsites Toolbar - {c82ecb7d-e143-46cf-92a7-fc893430d4f0} - C:\Program Files\bestarabsites\tbbest.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: bestarabsites Toolbar - {c82ecb7d-e143-46cf-92a7-fc893430d4f0} - C:\Program Files\bestarabsites\tbbest.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [international] International
O12 - Plugin for .amr: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [link hidden by the forum; log in or register to view it]
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - [link hidden by the forum; log in or register to view it]
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - [link hidden by the forum; log in or register to view it]
O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) - [link hidden by the forum; log in or register to view it]
O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) - [link hidden by the forum; log in or register to view it]
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - [link hidden by the forum; log in or register to view it]
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - [link hidden by the forum; log in or register to view it]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [link hidden by the forum; log in or register to view it]
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 9097 bytes
 

Signature: بنت نجد
This is the Kaspersky report

Scan
----
Scanned: 221022
Detected: 0
Untreated: 0
Start time: 08/07/1430 03:13:20 م
Duration: 00:36:39
Finish time: 08/07/1430 03:49:59 م

Detected
--------
Status Object
------ ------

Events
------
Time Name Status Reason
---- ---- ------ ------
08/07/1430 03:13:30 م Running module: SMSS.EXE\smss.exe ok scanned
08/07/1430 03:13:30 م File: C:\WINDOWS\System32\smss.exe ok scanned
08/07/1430 03:13:30 م Running module: SMSS.EXE\ntdll.dll ok scanned
08/07/1430 03:13:30 م File: C:\WINDOWS\system32\ntdll.dll ok scanned
08/07/1430 03:13:30 م Running module: csrss.exe\csrss.exe ok scanned
08/07/1430 03:13:30 م File: C:\WINDOWS\system32\csrss.exe ok scanned
08/07/1430 03:13:30 م Running module: csrss.exe\ntdll.dll ok scanned
08/07/1430 03:13:30 م File: C:\WINDOWS\system32\ntdll.dll ok scanned
08/07/1430 03:13:30 م Running module: csrss.exe\CSRSRV.dll ok scanned
08/07/1430 03:13:30 م File: C:\WINDOWS\system32\CSRSRV.dll ok scanned
08/07/1430 03:13:30 م Running module: csrss.exe\basesrv.dll ok scanned
08/07/1430 03:13:30 م File: C:\WINDOWS\system32\basesrv.dll ok scanned
08/07/1430 03:13:30 م Running module: csrss.exe\winsrv.dll ok scanned
08/07/1430 03:13:30 م File: C:\WINDOWS\system32\winsrv.dll ok scanned
08/07/1430 03:13:30 م Running module: csrss.exe\USER32.dll ok scanned
08/07/1430 03:13:30 م File: C:\WINDOWS\system32\USER32.dll ok scanned
08/07/1430 03:13:30 م Running module: csrss.exe\KERNEL32.dll ok scanned
08/07/1430 03:13:30 م File: C:\WINDOWS\system32\KERNEL32.dll ok scanned
08/07/1430 03:13:30 م Running module: csrss.exe\GDI32.dll ok scanned
08/07/1430 03:13:30 م File: C:\WINDOWS\system32\GDI32.dll ok scanned
08/07/1430 03:13:30 م Running module: csrss.exe\LPK.DLL ok scanned
08/07/1430 03:13:30 م File: C:\WINDOWS\system32\LPK.DLL ok scanned
08/07/1430 03:13:30 م Running module: csrss.exe\USP10.dll ok scanned

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Disinfect, delete if disinfection fails
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----
 

Signature: بنت نجد
And this is the report from the program you asked for


ComboFix 09-06-29.04 - WINDOWS 06/30/2009 15:58.10 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.3062.2676 [GMT 3:00]
Running from: c:\documents and settings\WINDOWS\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.
2009-06-30 11:15 . 2009-06-30 12:55 6176 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-30 10:23 . 2009-06-30 10:23 -------- d-sh--w- C:\FOUND.000
2009-06-29 13:37 . 2009-06-29 13:37 389120 ----a-w- c:\documents and settings\WINDOWS\Application Data\opengrid\WMA BIAS BOLT.exe
2009-06-29 13:37 . 2009-06-29 13:37 339968 ----a-w- c:\documents and settings\WINDOWS\Application Data\opengrid\frag third heck comp.exe
2009-06-29 13:37 . 2009-06-30 12:56 1019904 ----a-w- c:\documents and settings\All Users\Application Data\Hold Trust Amok Mode\Balm Four.exe
2009-06-29 13:37 . 2009-06-29 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Hold Trust Amok Mode
2009-06-29 13:37 . 2009-06-29 13:37 1019904 ----a-w- c:\documents and settings\WINDOWS\Application Data\opengrid\txpkfzwe.exe
2009-06-29 13:36 . 2009-06-29 13:36 -------- d-----w- c:\program files\opengrid
2009-06-29 13:36 . 2009-06-29 13:36 -------- d-----w- c:\documents and settings\WINDOWS\Application Data\opengrid
2009-06-29 13:36 . 2009-06-29 13:36 598016 ----a-w- c:\documents and settings\WINDOWS\Application Data\opengrid\HIDEOOZEIDOL.exe
2009-06-29 06:20 . 2009-06-29 06:20 -------- d-----w- c:\program files\Crcle Developement
2009-06-29 06:20 . 2009-06-29 06:20 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-21 10:55 . 2009-06-21 10:55 -------- d-----w- c:\documents and settings\WINDOWS\Local Settings\Application Data\Help
2009-06-21 10:25 . 2009-06-21 10:25 -------- d-----w- c:\windows\SxsCaPendDel
2009-06-21 09:35 . 2009-06-21 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-06-21 06:39 . 2009-06-21 08:02 7168 ----a-w- c:\windows\system32\drivers\utqymziw.sys
2009-06-20 15:12 . 2009-06-20 15:12 91136 ----a-w- c:\documents and settings\WINDOWS\Application Data\Thinstall\Windows Live Essentials\300000003400002h\dwwin.exe
2009-06-19 19:02 . 2008-07-08 11:54 148496 ----a-w- c:\windows\system32\drivers\89973491.sys
2009-06-17 03:34 . 2009-06-17 03:34 91136 ----a-w- c:\documents and settings\WINDOWS\Application Data\Thinstall\Windows Live Essentials\30000000baa00002h\WINWORD.EXE
2009-06-16 22:57 . 2009-06-16 22:57 -------- d-----w- c:\program files\Trend Micro
2009-06-16 22:41 . 2009-06-16 22:41 91136 ----a-w- c:\documents and settings\WINDOWS\Application Data\Thinstall\Windows Live Essentials\1000000b00002h\rundll32.exe
2009-06-16 08:38 . 2009-06-16 08:38 -------- d-----w- c:\program files\Spellunker
2009-06-16 08:37 . 2009-06-16 08:37 -------- d-----w- c:\program files\ReflexiveArcade
2009-06-15 09:44 . 2009-06-15 09:44 91136 ----a-w- c:\documents and settings\WINDOWS\Application Data\Thinstall\Windows Live Essentials\300000005db00002h\POWERPNT.EXE
2009-06-14 22:59 . 2009-06-14 22:59 -------- d-----w- c:\windows\system32\KB905474
2009-06-14 22:59 . 2009-03-10 19:26 1430400 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-06-14 22:59 . 2009-03-10 19:18 453000 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-06-14 22:21 . 2009-06-14 22:21 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-06-14 22:18 . 2008-06-14 17:59 271616 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-14 20:17 . 2009-06-14 20:17 -------- d--h--w- c:\windows\$hf_mig$
2009-06-05 22:10 . 2009-06-05 22:10 91136 ----a-w- c:\documents and settings\WINDOWS\Application Data\Thinstall\Windows Live Essentials\4000003a100002h\bsplayer.exe
2009-06-04 22:48 . 2009-06-04 22:48 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-04 22:48 . 2009-06-04 22:48 152576 ----a-w- c:\documents and settings\WINDOWS\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-31 16:20 . 2009-05-31 16:20 -------- d-----w- c:\documents and settings\WINDOWS\Local Settings\Application Data\Conduit
2009-05-31 16:20 . 2009-05-31 16:20 -------- d-----w- c:\program files\Conduit
2009-05-31 16:20 . 2009-05-31 16:20 -------- d-----w- c:\program files\Hotspot_Shield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 13:00 . 2001-09-19 09:00 59878 ----a-w- c:\windows\system32\perfc001.dat
2009-06-30 13:00 . 2001-09-19 09:00 331342 ----a-w- c:\windows\system32\perfh001.dat
2009-06-30 12:55 . 2009-06-30 11:15 1148 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-26 20:10 . 2008-12-23 16:51 149712 ----a-w- c:\documents and settings\WINDOWS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 22:01 . 2009-05-28 22:01 -------- d-----w- c:\program files\The KMPlayer
2009-05-28 13:36 . 2009-05-28 13:36 -------- d-----w- c:\documents and settings\WINDOWS\Application Data\CyberScrub
2009-05-28 13:36 . 2009-05-28 13:36 -------- d-----w- c:\documents and settings\WINDOWS\Application Data\cleaner
2009-05-28 13:11 . 2009-05-28 13:11 -------- d-----w- c:\documents and settings\WINDOWS\Application Data\Malwarebytes
2009-05-28 13:10 . 2009-05-28 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-25 16:44 . 2009-05-25 16:44 91136 ----a-w- c:\documents and settings\WINDOWS\Application Data\Thinstall\Windows Live Essentials\10000003100002h\WISPTIS.EXE
2009-05-25 11:06 . 2009-05-25 11:06 91136 ----a-w- c:\documents and settings\WINDOWS\Application Data\Thinstall\Windows Live Essentials\4000001900002h\iexplore.exe
2009-05-25 10:40 . 2009-05-25 10:40 91136 ----a-w- c:\documents and settings\WINDOWS\Application Data\Thinstall\Windows Live Essentials\400000800002h\wlcomm.exe
2009-05-25 10:29 . 2009-05-25 10:29 -------- d-----w- c:\documents and settings\WINDOWS\Application Data\Thinstall
2009-05-25 09:14 . 2009-05-25 09:14 390664 ----a-w- c:\documents and settings\WINDOWS\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-24 21:50 . 2009-05-24 21:50 -------- d-----w- c:\program files\Circle Develoement
2009-05-22 20:49 . 2009-05-22 20:49 -------- d-----w- c:\documents and settings\WINDOWS\Application Data\Media Player Classic
2009-05-14 18:08 . 2007-06-08 06:52 27136 ----a-w- c:\windows\system32\drivers\tapvpn.sys
2009-05-14 17:56 . 2009-05-14 18:01 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-14 16:56 . 2009-05-14 16:56 -------- d-----w- c:\documents and settings\WINDOWS\Application Data\Windows Live Writer
2009-05-14 16:47 . 2009-05-14 16:47 -------- d-----w- c:\program files\Microsoft
2009-05-14 16:47 . 2009-05-14 16:47 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-14 16:47 . 2009-05-14 16:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-14 16:45 . 2009-05-14 16:45 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-14 16:32 . 2009-05-14 16:32 -------- d-----w- c:\program files\SWiSHmax
2009-05-14 16:30 . 2009-05-14 16:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-14 13:04 . 2009-05-14 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-12 16:46 . 2009-05-12 16:46 -------- d-----w- c:\documents and settings\WINDOWS\Application Data\ABIG
2009-05-12 16:44 . 2009-05-12 16:44 -------- d-----w- c:\documents and settings\WINDOWS\Application Data\Toshiba
2009-05-12 16:35 . 2009-05-12 16:35 -------- d-----w- c:\program files\Circl Developement
2009-05-12 14:19 . 2009-05-12 14:19 -------- d-----w- c:\program files\Windows Live
2009-05-11 16:54 . 2009-05-11 16:54 -------- d-----w- c:\documents and settings\WINDOWS\Application Data\ACD Systems
2009-05-08 17:15 . 2009-05-08 17:15 -------- d-----w- c:\program files\مشغل الفلاش العربي
2009-05-08 16:24 . 2009-05-08 15:42 103090 ----a-w- c:\windows\hpoins08.dat
2009-05-08 15:43 . 2009-05-08 15:43 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-08 15:42 . 2009-05-08 15:42 -------- d-----w- c:\program files\HP
2009-05-08 07:04 . 2008-12-23 15:23 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-07 15:42 . 2004-08-03 18:55 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 14:26 . 2009-05-06 14:26 -------- d-----w- c:\documents and settings\WINDOWS\Application Data\Nero
2009-05-06 07:47 . 2009-05-06 07:40 90112 ----a-w- c:\windows\system32\ssvideo.dll
2009-05-06 07:47 . 2009-05-06 07:40 18599936 ----a-w- c:\windows\system32\videoencode.dll
2009-05-06 07:47 . 2009-05-06 07:40 1128128 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-05-06 07:47 . 2009-05-06 07:40 18595840 ----a-w- c:\windows\system32\coredata.dll
2009-05-06 07:47 . 2009-05-06 07:40 344064 ----a-w- c:\windows\system32\dkll.dll
2009-05-06 07:47 . 2009-05-06 07:40 1986560 ----a-w- c:\windows\system32\akll.dll
2009-05-06 07:47 . 2009-05-06 07:40 196608 ----a-w- c:\windows\system32\maag.dll
2009-05-06 07:47 . 2009-05-06 07:40 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-05-06 07:47 . 2009-05-06 07:47 -------- d-----w- c:\program files\Ozone
2009-05-05 14:06 . 2009-05-05 14:06 -------- d-----w- c:\program files\TrueSuite Access Manager
2009-05-05 13:21 . 2009-05-05 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\TOSHIBA
2009-05-05 07:49 . 2009-05-05 07:49 -------- d-----w- c:\program files\CONEXANT
2009-05-05 07:46 . 2009-05-05 07:46 -------- d-----w- c:\program files\O2Micro Flash Memory Card Driver
2009-04-29 04:51 . 2004-08-03 18:55 657920 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:51 . 2004-08-03 18:55 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 20:08 . 2004-08-03 18:46 1846528 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:12 . 2004-08-03 18:55 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-06-16_12.27.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-30 12:56 . 2009-06-30 12:56 16384 c:\windows\temp\Perflib_Perfdata_67c.dat
+ 2001-09-19 09:00 . 2009-06-30 13:00 59774 c:\windows\system32\perfc009.dat
- 2001-09-19 09:00 . 2009-06-16 07:42 59774 c:\windows\system32\perfc009.dat
+ 2001-09-19 09:00 . 2009-06-30 13:00 395534 c:\windows\system32\perfh009.dat
- 2001-09-19 09:00 . 2009-06-16 07:42 395534 c:\windows\system32\perfh009.dat
+ 2008-12-23 15:08 . 2009-06-26 20:01 449288 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 08:40 118784 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Test 16"="c:\docume~1\WINDOWS\APPLIC~1\opengrid\HIDEOOZEIDOL.exe" [2009-06-29 598016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-04 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-23 185896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-07-04 671744]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2007-06-05 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-06-23 3151872]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-09 1773568]
"Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-02-01 77824]
"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2008-02-29 2741576]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-12-18 2360648]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-14 113664]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [05/05/2009 05:06 م 42608]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [05/05/2009 05:06 م 49152]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [05/05/2009 05:06 م 102400]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [03/08/2004 09:56 م 14336]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [05/05/2009 10:49 ص 732160]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [05/05/2009 10:46 ص 48600]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [29/05/2007 10:01 ص 6912]
S3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [23/12/2008 07:46 م 5888]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [23/12/2008 07:07 م 288000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
Contents of the 'Scheduled Tasks' folder
2009-06-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-14 19:18]
2009-06-30 c:\windows\Tasks\AE3C4E64912FC0A8.job
- c:\docume~1\windows\applic~1\opengrid\WMA BIAS BOLT.exe [2009-06-29 13:37]
.
.
------- Supplementary Scan -------
.
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden by the forum; log in or register to view it]
Rootkit scan 2009-06-30 16:00
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3768)
c:\program files\TrueSuite Access Manager\IconOvrly.dll
c:\windows\system32\msi.dll
.
Completion time: 2009-06-30 16:01
ComboFix-quarantined-files.txt 2009-06-30 13:01
ComboFix2.txt 2009-06-29 11:41
ComboFix3.txt 2009-06-29 10:39
ComboFix4.txt 2009-06-19 17:13
ComboFix5.txt 2009-06-30 12:53
Pre-Run: 29,030,793,216 bytes free
Post-Run: 29,226,598,400 bytes free
201 --- E O F --- 2009-06-14 23:00
 
Signature: بنت نجد
Sister, I advise you to do a system restore
 
Signature: v.i.p
How is the restore done when I never set a restore point ..
 
Signature: بنت نجد
Go to Start, then Run,
then type
%systemroot%\system32\restore\rstrui.exe
 
Signature: v.i.p
Thank you ... doing it now
 
Signature: بنت نجد
So, was the problem solved or not?
 
Signature: v.i.p
I don't know whether my computer still has hacking files in it or not .. the problem is that 2 laptops have the same problem .. and I would like to know the cause of the hack, whether it is the Travian links or something else ..
 
Signature: بنت نجد
Maybe you downloaded a booby-trapped program
 
Signature: v.i.p